Information on Preventing Certain Types of Software from Running Automatically (263568)

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SUMMARY

This article describes system settings that can help prevent rogue software from running on a system. An example of this would be an e-mail attachment in the form of a Visual Basic Script file (.vbs), although other file types may possibly cause system actions that are unwanted as well.

Please note that changing the default application handler for certain file types may increase security but may have other effects as well because the file type will no longer open with the default application (also known as the application handler). The best solution is to update the Emergency Repair Disk and write-protect it, or, to back up the registry, and then save the backup file as an archive. This way, if a change is made, it can be undone by restoring the registry. The changes can also be recorded to a document and then saved so that the changes could be reversed if proven to be detrimental.

MORE INFORMATION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

The goal of this procedure is to change the application that opens the following file types so that if the file type opens, it opens with Notepad.exe and not with the application handler.

To change the default application for these file types

.jse
.js
.reg
.vbs
.vbe
.wsf

follow these steps:

Double-click My Computer on the desktop.
Click the File Types tab, and then scroll down to the first item in the list above, .jse, which is a JScript Encoded file.
Highlight the Jscript Encoded file type, and then click Edit.
In the Action window, click the action type Open, and then click Edit.
Change the following line from
C:\WINNT\System32\Wscript.exe "%1" %*

to:

C:\WINNT\System32\Notepad.exe "%1" %*
Click OK, and then click Close.
Repeat these steps for each of the other listed file types above.

Note that this article includes .reg files, which are registry files. The default action of a .reg file is to merge the information into the registry if the user has sufficient privilege. As a safety precaution this article recommends changing the .reg file type to open with Notepad as there are other ways to automatically merge registry information if needed.

There are other steps that can be taken to maximize security for a computer running Windows NT or Windows 2000. For more information please visit the following Microsoft TechNet web site: http://www.microsoft.com/technet/security/default.mspx